authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-09-16 13:12:50 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-09-19 14:18:54 +0200
commit8d96e85a8d7c87909674dd0372dd8c8d481f38b1 (patch)
tree7ee319ddeb2e2c29b301ceb1b075fb0b467346da
parent568418fbc9c2529874e17a3f151d099a8e9fc717 (diff)
downloadgnutls-8d96e85a8d7c87909674dd0372dd8c8d481f38b1.tar.gz
Increased the maximum size allowed for handshake messages to 128kb
This would allow the library to cope with larger packets, as well as TLS 1.3 hellos. Suggested by Hubert Kario.
-rw-r--r--lib/gnutls_int.h2
-rw-r--r--lib/handshake.c5
2 files changed, 5 insertions, 2 deletions
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8eb555361f..3b8d6299f9 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -105,7 +105,7 @@ typedef struct {
/* The size of a handshake message should not
* be larger than this value.
*/
-#define MAX_HANDSHAKE_PACKET_SIZE 48*1024
+#define MAX_HANDSHAKE_PACKET_SIZE 128*1024
/* The maximum digest size of hash algorithms.
*/
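Review bot: The new definition `#define MAX_HANDSHAKE_PACKET_SIZE 128*1024` leaves the expansion unparenthesized, so any use next to `/`, `%` or another multiplication would group differently than intended. Since the line is being touched anyway, I would write it as `#define MAX_HANDSHAKE_PACKET_SIZE (128*1024)`. The uses of the macro are outside this hunk, so I cannot tell whether any current call site is affected. Separately, this value presumably bounds how much handshake data a not-yet-authenticated peer can make the library buffer per session, so the larger default is worth a line in the release notes for deployments that size memory per connection.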
diff --git a/lib/handshake.c b/lib/handshake.c
index 9a8c9acc3f..e9751ef9d5 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -3392,11 +3392,14 @@ _gnutls_recv_hello_request(gnutls_session_t session, void *data,
* This function will set the maximum size of all handshake messages.
* Handshakes over this size are rejected with
* %GNUTLS_E_HANDSHAKE_TOO_LARGE error code. The default value is
- * 48kb which is typically large enough. Set this to 0 if you do not
+ * 128kb which is typically large enough. Set this to 0 if you do not
* want to set an upper limit.
*
* The reason for restricting the handshake message sizes are to
* limit Denial of Service attacks.
+ *
+ * Note that the maximum handshake size was increased to 128kb
+ * from 48kb in GnuTLS 3.5.5.
**/
void
gnutls_handshake_set_max_packet_length(gnutls_session_t session,
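Review bot: The added note says "the maximum handshake size was increased", but what changed is the default of a limit the caller can still set through this function, so I would word it as ` * Note that the default maximum handshake size was increased to 128kb` / ` * from 48kb in GnuTLS 3.5.5.`. Because the comment itself says the limit exists to restrict Denial of Service attacks, one more sentence would help operators: applications that accept connections from untrusted peers and are memory constrained can keep the previous bound by passing 48*1024 to this function. The function body lies outside the hunk, so this is a documentation suggestion only.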